Electronic Passport

In 2006 Lukas Grunwald already demonstrated how easy it is to clone electronic passports in front of a live audience at the Black Hat security conference in Las Vegas. The new passport is equipped with an RFID chip storing personal and biometric data about its holder. Grunwald also pointed out several design flaws posing serious security risks - among them the inability to verify or revoke the digital certificates used by participating countries to encrypt the data stored on the passport. In July 2008 as many as 3000 blank passports were reported stolen in the UK. Combine this with the latest news that computer expert Jeroen van Beek from the University of Amsterdam was able not only to clone but also to modify the data stored on the passport, and we can expect to see fake passports that will be accepted as genuine by border control computers in the near future.

FasTrak Electronic Toll System

FasTrak, the electronic toll system used in the Bay Area as a convenient way to pay bridge tolls and, in the near future, also parking fees at the San Francisco airport and other selected locations, is based on active RFID tags placed on the windshield. Nate Lawson from Root Labs reverse engineered the tag and identified serious security flaws that allow, among other things, the tag to be cloned easily, so that an attacker could use the system at someone else's expense. Lawson demonstrated his findings at the Black Hat security conference in Las Vegas in August 2008.

Applications based on Mifare Classic - OysterCard and Similar Applications

On-tag encryption, if used at all, is typically proprietary and weak due to physical limitations and cost constraints. Once the encryption features of an RFID tag are broken, the tag becomes nothing more than an ordinary data tag that can easily be manipulated with tools like RFDump.

For example, the security features of the Mifare Classic chip, which is used in public transport systems and building access control world-wide today, have recently been compromised. At the Chaos Computer Congress 2007, Karsten Nohl, a cryptographer and graduate student from the University of Virginia, presented the results of his research. Nohl had analyzed the Mifare chip layer by layer under an electron microscope and reverse engineered significant parts of its proprietary encryption logic, revealing major design flaws and showing how easy it is to break the chip's security features. Building on the results of Nohl and others working on similar projects, the security features of the Mifare Classic chip can be broken within minutes on a standard PC without expensive equipment.

With the dollar amount of the ticket stored directly on the tag, ticketing systems based on this chip, like the OysterCard in London or the Dutch RFID-based transit pass, are at risk. An attacker could attempt either to clone a ticket or to change its value to gain illegal access to the service provided. Similar cloning and tampering scenarios apply to other open-loop applications as well, including hotel key cards, ski lift and event tickets, electronic payment systems and the electronic passport.
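The clone-or-change-the-value risk described above can be caught at the reader if the stored amount is bound to the tag and to a use counter by a MAC that only the issuer can compute. The following Python program is an added example, not code from the article or from any transit operator; the record layout (value, counter, 8-byte truncated HMAC), the 4-byte UIDs and the issuer key are all constructed for the demo, and the scheme assumes the tag's UID is factory-programmed and read-only.

```python
import hmac
import hashlib
import struct

# Constructed demo key. A real issuer keeps this in the back office or in the
# reader's secure element; it is never written to a tag.
ISSUER_KEY = b"constructed-demo-issuer-key"

RECORD_LEN = 6 + 8   # value (4 bytes) + counter (2 bytes) + truncated MAC (8 bytes)

def ticket_mac(uid: bytes, value_cents: int, counter: int) -> bytes:
    """MAC over the tag's read-only UID, the stored value and a use counter.

    Binding the UID means the same bytes copied to a blank tag with another
    UID fail verification; the counter lets the reader spot a restored dump.
    """
    msg = uid + struct.pack(">IH", value_cents, counter)
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).digest()[:8]

def encode_ticket(uid: bytes, value_cents: int, counter: int) -> bytes:
    """Bytes the issuer (or a reader after a debit) writes to the tag."""
    return struct.pack(">IH", value_cents, counter) + ticket_mac(uid, value_cents, counter)

def verify_ticket(uid: bytes, data: bytes):
    """Reader-side check. Returns (value_cents, counter), or None if the record
    does not verify for this UID (edited value, wrong UID, truncated data)."""
    if len(data) != RECORD_LEN:
        return None
    value_cents, counter = struct.unpack(">IH", data[:6])
    if not hmac.compare_digest(ticket_mac(uid, value_cents, counter), data[6:]):
        return None
    return value_cents, counter

class Reader:
    """Gate reader with back-office state: highest counter accepted per UID."""

    def __init__(self):
        self.last_counter = {}

    def debit(self, uid: bytes, data: bytes, fare_cents: int):
        """Returns the new tag record after a successful debit, or None."""
        parsed = verify_ticket(uid, data)
        if parsed is None:
            return None
        value_cents, counter = parsed
        # A tag restored from an older dump carries a counter already consumed.
        if counter <= self.last_counter.get(uid, 0):
            return None
        if value_cents < fare_cents:
            return None
        self.last_counter[uid] = counter
        return encode_ticket(uid, value_cents - fare_cents, counter + 1)

# Constructed sample tags (4-byte UIDs, as on a Mifare Classic 1K).
UID_A = bytes.fromhex("04a1b2c3")
UID_B = bytes.fromhex("0499887b")
GENUINE = encode_ticket(UID_A, 2000, 1)            # 20.00 worth of travel

# Manipulation 1 from the text: the stored amount is edited in place (to 40.00).
TAMPERED = struct.pack(">I", 4000) + GENUINE[4:]
# Manipulation 2: the genuine bytes are copied to a blank tag with a different UID.
CLONED_ON_B = GENUINE

def demo():
    reader = Reader()
    results = {
        "genuine": verify_ticket(UID_A, GENUINE),
        "tampered": verify_ticket(UID_A, TAMPERED),
        "cloned": verify_ticket(UID_B, CLONED_ON_B),
    }
    after = reader.debit(UID_A, GENUINE, 250)        # first ride, 2.50
    results["after_debit"] = verify_ticket(UID_A, after)
    # Rollback: the pre-ride dump is written back onto the same tag and presented again.
    results["rollback"] = reader.debit(UID_A, GENUINE, 250)
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:12s} -> {outcome}")
```

The check does not depend on the Mifare Classic cipher at all: even when the sector keys are recovered and the data sector can be read and rewritten freely, a new value cannot be given a valid MAC without the issuer key, which never leaves the back office, and a record copied to another tag fails because its MAC was computed over a different UID. Writing back an old dump is the one manipulation the MAC alone cannot detect, which is why the reader also keeps the highest counter accepted per UID and rejects anything older.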

NXP, the manufacturer of the Mifare chips, lost a lawsuit in July 2008 where the company was trying to prevent researchers from Dutch Radboud University Nijmegen from publishing a paper detailing their findings regarding security flaws in the Mifare Classic chips.

Credit Cards with RFID

A number of modern credit cards, including cards issued by Visa, MasterCard and American Express, are now equipped with an RFID chip. Currently it is possible to skim information off these chips, including sensitive data such as the customer's name, account number and card expiration date. Since strong encryption is not implemented, all that is required is standard RFID reader hardware and publicly available software.

A practical attack could work like this: an attacker with access to a mail distribution center employs an RFID reader to skim credit card information from letters containing newly issued credit cards. Even though the envelopes are sealed and do not reveal their precious content from the outside, this does not matter, since RFID works remotely and does not require line of sight. After collecting credit card data for a while the attacker might sell the records over the Internet, after which they may be used for credit card fraud on a massive scale.

RFID Applications based on EPC Tags with Password Protection

EPC Class 1 Gen 1 tags employ an 8-bit kill password. The kill password can easily be deduced by a brute-force attack (essentially trying all possible password combinations until the correct one is found). This is especially easy since no lockout counter is implemented that would refuse or delay further requests after a number of failed attempts. Furthermore, most RFID applications use the same password for a large number of tags to avoid the complexity of a sophisticated key management system.

EPC Class 1 Gen 2 tags now employ 32-bit kill and read passwords, making brute-force attacks less feasible (but not impossible). Furthermore, these tags are susceptible to side-channel attacks. Rather than trying to break the encryption algorithm itself, side-channel attacks are based on power and timing analysis of the physical chip. That these attacks are real has been demonstrated by Adi Shamir and others.

Once the passwords are obtained, data stored on Gen 2 tags can be freely read and modified.
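One way to remove the "same password for a large number of tags" weakness named in the Gen 1 paragraph above, without a heavyweight key management system, is to derive each tag's 32-bit passwords from a master key and the tag's factory-programmed TID, so that a password recovered from one tag by the brute-force or side-channel attacks described here does not open any other tag. The following Python program is an added example, not code from the article or from any EPC vendor; the master key, the TIDs and the minimal tag model are constructed for the demo, and "access password" is the Gen 2 specification's name for the password the text calls the read password.

```python
import hmac
import hashlib
from typing import Dict, Iterable, Optional

# Constructed master key. It belongs in the issuer's key management system
# (ideally an HSM) and is never stored on a tag or an untrusted field reader.
MASTER_KEY = b"constructed-demo-master-key"

def derive_password(master_key: bytes, tid: bytes, purpose: bytes) -> int:
    """32-bit per-tag password: leftmost 4 bytes of HMAC-SHA256(master, purpose || TID).

    The TID is what makes the value differ from tag to tag; the purpose label
    keeps the kill and access passwords of one tag unrelated to each other.
    """
    digest = hmac.new(master_key, purpose + tid, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")

def kill_password(tid: bytes) -> int:
    return derive_password(MASTER_KEY, tid, b"kill")

def access_password(tid: bytes) -> int:
    return derive_password(MASTER_KEY, tid, b"access")

class Gen2Tag:
    """Minimal model of a Gen 2 tag's password-gated kill command (assumption:
    only the password comparison is modelled, not the air-interface protocol)."""

    def __init__(self, tid: bytes, kill_pw: int):
        self.tid = tid
        self._kill_pw = kill_pw & 0xFFFFFFFF
        self.killed = False

    def accepts(self, password: int) -> bool:
        return password == self._kill_pw

    def kill(self, password: int) -> bool:
        if self.accepts(password):
            self.killed = True
        return self.killed

def provision(tids: Iterable[bytes], shared_password: Optional[int] = None) -> Dict[bytes, Gen2Tag]:
    """Issue a fleet of tags either with one shared kill password (the practice
    the text criticises) or, when shared_password is None, with derived ones."""
    fleet = {}
    for tid in tids:
        pw = shared_password if shared_password is not None else kill_password(tid)
        fleet[tid] = Gen2Tag(tid, pw)
    return fleet

def blast_radius(fleet: Dict[bytes, Gen2Tag], leaked_tid: bytes) -> int:
    """Number of tags in the fleet that would accept the kill password recovered
    from one tag (leaked_tid) if it were replayed against every tag."""
    leaked_pw = fleet[leaked_tid]._kill_pw
    return sum(1 for tag in fleet.values() if tag.accepts(leaked_pw))

def demo() -> Dict[str, int]:
    # Constructed 8-byte TIDs; real ones are burned in by the chip vendor.
    tids = [bytes.fromhex(f"e2801160{i:08x}") for i in range(1000)]
    leaked = tids[42]
    shared = provision(tids, shared_password=0x1F2E3D4C)
    diversified = provision(tids)
    return {
        "shared": blast_radius(shared, leaked),            # every tag in the fleet
        "diversified": blast_radius(diversified, leaked),  # only the leaked tag
    }

if __name__ == "__main__":
    for scheme, n in demo().items():
        print(f"{scheme:12s}: one recovered password kills {n} of 1000 tags")
```

Diversification does not make an individual tag harder to attack: a 32-bit password can still be brute-forced or extracted by side-channel analysis exactly as the text describes. What changes is the consequence. The attacker's effort buys one tag rather than the whole deployment, and the operator can replace that one tag instead of re-keying every tag in the field. The master key becomes the single secret worth protecting, so it should stay in the back office and field readers should be given only the per-tag passwords they actually need.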

Reading and Manipulating RFID Tags

Most attacks against RFID systems require reading and manipulating RFID tag data. The following step-by-step description outlines this process:

1. Read tag data from one or more legitimate tags - typically the bigger the data set, the better for the subsequent analysis.

2. Analyze the tag data and reverse engineer the application's data structures.

3. Tailor an attack against the specific application. A technically savvy attacker could invent a new exploit or build on known vulnerabilities that have been published on the Internet.

4. Write the modified tag data to a blank tag.

5. Bring the rogue tag into the reader field of the RFID application.

Reading and writing tag data manually is a tedious process, but there are tools available that greatly simplify this task. One of these tools is RFDump.

Using RFDump to Manipulate RFID Tag Data

If the RFID tags are password protected, an attacker can still follow the same strategy. However, extra steps are necessary to obtain the keys needed to unlock the tag, such as a brute-force or side-channel attack - these attacks are very feasible against low-cost RFID systems such as EPC tags or Mifare Classic tags.